Bug 782647 – libcroco 0.6.12 DoS

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 782647 - (CVE-2017-8834) libcroco 0.6.12 DoS

(CVE-2017-8834)
Summary:	libcroco 0.6.12 DoS


Status:	RESOLVED WONTFIX

Product:	libcroco
Classification:	Core
Component:	General
Version:	0.6.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	libcroco maintainers
QA Contact:	libcroco maintainers

URL:
Whiteboard:	gnome[unmaintained]

Depends on:
Blocks:

Reported:	2017-05-15 08:31 UTC by qflb.wu
Modified:	2020-08-11 15:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
csslint-0.6 --dump-location poc1.css (6.95 KB, text/css) 2017-05-15 08:31 UTC, qflb.wu		Details
Proposed patch. (764 bytes, patch) 2019-05-02 16:02 UTC, Mike Gorse	none	Details \| Review

Description qflb.wu 2017-05-15 08:31:17 UTC

Created attachment 351855 [details]
csslint-0.6 --dump-location   poc1.css

the cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 has a bug that result in a denial of service (memory allocation error),

    ./csslint-0.6 --dump-location   poc1.css


	==77826== ERROR: AddressSanitizer failed to allocate 0x40002000 (1073750016) bytes of LargeMmapAllocator: Cannot allocate memory
==77826== Process memory map follows:
	0x000000400000-0x0000004fe000	/home/a/Documents/libcroco-0.6.12/csslint/csslint-0.6
	0x0000006fd000-0x0000006fe000	/home/a/Documents/libcroco-0.6.12/csslint/csslint-0.6
	0x0000006fe000-0x00000070e000	/home/a/Documents/libcroco-0.6.12/csslint/csslint-0.6
	......

Comment 1 Alan Coopersmith 2017-06-08 17:13:02 UTC

This was assigned CVE-2017-8834 according to
http://seclists.org/fulldisclosure/2017/Jun/10

Comment 2 Mike Gorse 2019-05-02 16:02:32 UTC

Created attachment 374219 [details] [review]
Proposed patch.

Comment 3 André Klapper 2020-08-11 15:46:38 UTC

libcroco is not under development anymore. Its codebase has been archived.

Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect
reality. Please feel free to reopen this ticket (or rather transfer the project
to GNOME Gitlab, as GNOME Bugzilla is being shut down) if anyone takes the
responsibility for active development again.